I see this syntax has been changed on June 25:
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c.diff?r1=1.80&r2=1.81
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/parse.y.diff?r1=1.106&r2=1.107
when it was moved to parse.y from pfctl.c. At that moment the "inf"
property vanished. So there's no way to actually set it to unlimited right
now.
Log message was:
move pfctl options -t, -m, -O and -l to pf.conf. These are set using the
"set" keyword. example rulefile:
set optimization aggressive
set timeout { tcp.closing 6, tcp.opening 6 }
set limit { states 1000, frags 1000 }
set loginterface wi0
pass out all keep state label "$nr:$srcaddr:$srcport:$dstaddr:$dstport"
block in all
fries@ is working on an updated pf.conf(5)
discussed at c2k2 and on icb
ok dhartmei@, kjell@
Will that be changed?
//Wouter
On Mon, 30 Dec 2002, Srebrenko Sehic wrote:
> On Mon, Dec 30, 2002 at 05:17:12PM +0100, Dries Schellekens wrote:
>
> > So I guess the correct syntax would be 'set limit states inf'. Can you try
> > this?
>
> Doesn't work either. I get,
>
> /etc/pf.conf:15: inf is not a number
> pfctl: Syntax error in file: pf rules not loaded
>
> // haver
